Author Topic: Behavior shield reports infected item  (Read 30359 times)

0 Members and 1 Guest are viewing this topic.

Offline moonshadows

  • Newbie
  • *
  • Posts: 5
Re: Behavior shield reports infected item
« Reply #60 on: November 09, 2010, 05:57:44 PM »
MY BEHAVIOR SHOWS 18 INFECTED ITEMS AND I GET BOOTED OFF MY COMP. ALOT I RAN BOOT SCANS THE SCANNERS DONT PICK UP ANYTHING .. BUT WHEN I GET BOOTED OFF MY COMP.. WHEN I GET BACK ON THE COMP.. I CHECK THE AVAST SHIELDS AND ITS THE SAME TIME THE AVAST SHIELD PICKS UP A INFECTION .. BUT IT DONT EVER SAY WHAT IT IS ..

I AM RUNNING WINDOWS XP SP3
HAVE ALL UPDATES EVEN PUT IN A NEW INSTALL OF WINDOWS RAN GREAT FOR A FEW DAYS THEN THE SHIELD STARTED PICKING UP INFECTIONS AGAIN.. AND NOW I GET BOOTED AGAIN GRRRR

HELP :'(

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Behavior shield reports infected item
« Reply #61 on: November 09, 2010, 10:57:35 PM »
I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8784
Re: Behavior shield reports infected item
« Reply #62 on: November 09, 2010, 11:31:57 PM »
moonshadows

Check your Caps Lock key as you appear to like to SHOUT.
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline moonshadows

  • Newbie
  • *
  • Posts: 5
Re: Behavior shield reports infected item
« Reply #63 on: November 10, 2010, 01:20:22 PM »
Sorry about caps ..i am downloading Dr.Web now i now have 21 infections

Offline moonshadows

  • Newbie
  • *
  • Posts: 5
Re: Behavior shield reports infected item
« Reply #64 on: November 10, 2010, 02:13:19 PM »
here is my hijack this scan


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:05:19 AM, on 11/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickCare] C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287671081453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1288064999781
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 5535 bytes

Offline moonshadows

  • Newbie
  • *
  • Posts: 5
Re: Behavior shield reports infected item
« Reply #65 on: November 10, 2010, 02:17:59 PM »
I ran DrWeb CureIT! it found 1 object but it was my dsl service didnt no what to do with it ,so i just closed it off .

Ran the Secunia scanner the Result

Detection Statistics:
8 Applications Detected in Total
2 Insecure Versions Detected
6 Patched Versions Detected

I been scanning everything i have over and over,but i did notice one thing that is very odd ,i only get booted off my comp. when i am on Yahoo Messenger talking to my boyfriend. i took Yahoo out and redid it but it still happenes ,Why i no its comming from there i had my comp. on for the last few days without yahoo,no comp shut down, but when i sign into yahoo and start talking to him, within the hour my comp. shuts down. Can anyone help on this problem? i only talk to him on there .
« Last Edit: November 15, 2010, 05:00:11 PM by moonshadows »

Offline Charyb

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2372
Re: Behavior shield reports infected item
« Reply #66 on: December 03, 2010, 05:51:39 AM »
I would like to hear some type of response on this. It has been posted since the beginning of July and no one from Avast has responded since the 3rd of July. How about, "A fix is in the works", or "Reporting issues will be fixed in 5.1"? Something???
« Last Edit: December 03, 2010, 06:22:05 AM by Charyb »

crofty59

  • Guest
Re: Behavior shield reports infected item
« Reply #67 on: December 03, 2010, 06:29:05 AM »
I would like to hear some type of response on this. It has been posted since the beginning of July and no one from Avast has responded since the 3rd of July. How about, "A fix is in the works", or "Reporting issues will be fixed in 5.1"? Something???

Wish you luck, I have lost faith with their support, (Avast Personnel)on the forum plus their support tickets, been waiting nearly 3 months.

Cheers 

Offline Charyb

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2372
Re: Behavior shield reports infected item
« Reply #68 on: December 03, 2010, 04:36:01 PM »
It makes absolutely no sense to me why Avast just blows this off. The forum helps thousands of people to understand and to solve problems regarding Avast. Not saying that all problems reported on this forum are caused by Avast. How about, instead of using the forum to solve problems, everyone submit a support ticket? I don't think this would be good use of Avast's time and resources. A simple response on the forum by an Avast team member can resolve an issue for hundreds of users therefore reducing the amount of support tickets generated. One solution on the forum versus an unknown amount of support tickets generated? I would choose the "one solution on the forum". It's also a matter of common courtesy to respond in a timely manner. There are many good folks on this forum helping to solve problems so you (Avast) don't have to spend the time and resources in dealing with it. How about showing a little appreciation for this by providing solutions on the forum for the problems that can not be solved by Avast users?

This topic now has 5000 views.
« Last Edit: December 03, 2010, 04:57:12 PM by Charyb »

Offline moonshadows

  • Newbie
  • *
  • Posts: 5
Re: Behavior shield reports infected item
« Reply #69 on: December 16, 2010, 12:50:20 AM »
I gave up waiting for a answer, i ended up buying another comp. :-[